About Me

I run an IT Security consulting firm based out of India. We started off from scratch in 2001 when I was 21, and have offices in Mumbai, Bahrain, and UAE.
The idea behind the blog is to share the stories of how we run the business, the deals we make, the deals that break, the heartburn, and the sheer joy.

The Ultimate Startup Guide

The Ultimate Startup Guide is an e-book that provides answers to all your questions related to starting and growing a business in India. Everything you wanted to know about entrepreneurship in India from ideation to registration to marketing to hiring. The book contains a large number of practical examples, anecdotes, interviews, and motivational material to help you get started, and to grow rapidly in a booming Indian economy. If you've got the idea, this book will help you through with the execution and realize your dreams.
Here are some of the key questions you will find answered in this book:

When starting a business, what are the legal issues involved?

What form of incorporation is better suited to which type of business?

Wednesday, June 28, 2006

Came across this nice post about good books to read when starting off on your own business:

7 Habits of Highly Effective People by Stephen R. Covey - I have read this one, and if I remember correctly, one of the chapters had a quote of Goethe's “Whatever you do, or dream you can, begin it. Boldness has genius and power and magic in it.”

The Essential Drucker: The Best of Sixty Years of Peter Drucker's Essential Writings On Management - I have read some of Drucker, but not this one. It's now on my books-to-read list.

Think and Grow Rich by Napoleon Hill - I read this one many , many moons ago. Lots of lessons, but not all are applicable today.

The World is Flat by Thomas Friedman - Haven't gotten around to this one yet.

Built to Last : Successful Habits of Visionary Companies by Jim Collins, Jerry I. Porras - I'd strongly recommend this one as well. Also, Collins' other book "Good to Great" is nice.

I'd add to that list the "22 Immutable Laws of Marketing" and the "22 Immutable Laws of Branding" by Al Ries.

I would also recommend some autobiographies, since I find them very inspiring:

Made in Japan - Akio Morita

Iacocca - Lee Iacocca

Losing my Virginity - Richard Branson

Maverick - Ricardo Semler (not exactly an autobiography)

My experiments with truth - M. K. Gandhi

The last one seems an odd choice in a collection of business books, but I feel a philosophical and ethical underpinning to one's work is very essential. And nothing like a lesson in integrity and truth from the Mahatma himself!

Monday, June 26, 2006

How often do we claim that they encroach on our city. My city? Since when did it become my city? When my grandparents escaped persecution in Pakistan during the Partition and settled in the refugee camps at Kurla. Or when they worked their way up to a comfortable existence in Mulund. Or when my family shifted out to Andheri? Does the journey across three suburbs and three generations make it our city? If this is indeed our city, how many of us speak its language - Marathi.

Then there's them. The millions of them, who escape persecution of a different kind - the abject wretchedness of poverty. Imposed by a social order that promotes centuries of economic imbalances deep in the hinterland and pushes the multitudes to the city. And they build their homes here, and capture their million dreams in them.

Why do we dislike and detest the slums so much? Because they remind us that our city is not Shanghai, that it will never be a Shanghai? Or because it reminds us of another India - an India that our cloistered, middle-class existence does not want to admit. Why would we not admit this reality? Their reality. Why would we not want to accept the slums and the people who inhabit it as having as much of a right to this city as we do?

Because they are filthy? Admittedly there is squalor at the periphery of the slums and on the slivery lanes that penetrate into the hearts of the slums. But step inside one of the fragile universes, and I bet it'll be cleaner and tidier than my room is right now.

Or because of the crime? Poverty breeds crime, yes. But so does a lot else. There is as much crime in the highrises of Andheri's Lokhandwala as there is in the sprawling slums of Dharavi.

And we sit in our air-conditioned cars on Ganesh Chaturthi and we curse the processions that hold up the traffic. And we fail to see that the greatest happiness is on the faces of the poorest slum-dwellers, who for those few hours have forgotten the curse of poverty and persecution and periodic demolishments to dance for a God that has all but forgotten them.

They built the flyovers we drive on. They built the towers we live and work in. They built it with their bare hands, carrying the cement in the unforgiving Mumbai sun. All they ask is to lead their lives with dignity, not on our dole, or our noblesse oblige.

If you are in Mumbai, get to the Gateway of India and take one of the tourist jetties out to the sea. As the wind hits your face, and the strong smell of the sea subsides, don't forget to look to your right. On the far right are the slums, and as your eye moves along the coast you see the buildings of what once used to be Mumbai's central business district. And on the sea are the smaller boats bobbing optimistically with the waves and further out are the large container ships moored concretely. And all of it simply belongs to this city - founded on opium money and built by sheer grit. But if you do this at night when there's a full moon, then you see the stars in the black sea, and the shining lights of the Queen's necklace as it embraces the ocean and holds back the city. And late at night take a drive from the Western suburbs to the highway, and then along the seaface onto Marine Drive, unimpeded by traffic. And that's when you realise why it is possible to actually love a city.

Friday, June 23, 2006

Since the core focus of my firm is on information security, and nothing seems to inspire an entrepreneurship-related post, today's Chautauqua shall be on firewalls and bloated rulesets.

In most small-medium enterprises, the maximum number of firewalls I've seen is about 4-5, usually always less than a dozen. But as the size of the organization grows, not only does the number of firewalls increase, but the complexity of the ruleset within the firewall also increases. Sometimes exponentially. This is aided by weak change management processes, where users simply request the change, their department manager approves it, and the security team implements it. As time progresses, the ruleset becomes bloated and reduces the performance of the firewall, since the firewall needs to process the rules in sequence for each packet that arrives until a match is found.

One of our clients has more than a 100 firewalls from three different vendors, and the ruleset varies from a manageable 500 rules to an insane 80,000 rules in one of the Cisco PIX firewalls! There are various reasons that have contributed to this situation:

The weak change management process referred to earlier

Security administrators not checking if a rule to process the same type of traffic has already been added

They do not check if the new request can simply be grouped with an earlier request

If the request is of a temporary nature, they do not check periodically to remove temporary rules.

When we were called in to hack our way through this, we realised manual analysis was impossible, so we built a tool to do this. We also realised that we needed to attack the problem from as many sides as possible:

Analyze the logs to determine which rules were actually being used by the traffic flowing through the firewall

Analyze the configuration to determine redundant rules or groupable rules

Analyze the rule creation process and inhibit rule creation at that stage as well

The tool that we've made for this purpose does the following:

Takes as input the filename containing the firewall configuration, and reads this into a database table.

Analyzes the firewall logs over a given period of time to determine rules, which are being used, and marks the others for deletion

Analyzes rules, which are redundant. I.e., there is some other rule of which this rule is a subset. Thus this rule can be dropped.

Analyzes rules, which can be grouped. If the source and the destination IP addresses are the same, then the ports/services for two rules can be grouped together to create one single rule

Analyze the other components of the configuration, which are not being used and remove those as well.

Initial runs of the tool are resulting in a reduction ranging from 40-60% of the ruleset. Here's a snapshot of the rudimentary GUI we've built. It shows the output for a Cisco PIX firewall, which has been analyzed and a new configuration can be created with the commands listed:For the first two firewalls it produces the output in the actual configuration commands to change the configuration. You could simply copy-paste the output onto the command-line interface (CLI) of the firewall. For Cyberguard, it simply shows the rules and the rule numbers, and these need to be manually dropped from the GUI configuration.

Other products that might be doing the same thing are Algosec and Firemon.

Incidentally, this project has enabled me to gain a much deeper insight into the various firewalls. And I must say Netscreen firewalls are amazingly good, and Cisco PIX has way too many shortcomings. The Cyberguards fall somewhere in between. Checkpoint hasn't been included in the list, but we might include that in the tool's capabilities as well.

Wednesday, June 21, 2006

Lately a topic that has been getting a lot of my interest has been women entrepreneurs in India. You would be amazed at the dearth of material there is out there on women who run their own enterprises. This is illustrated by the fact that most of the information is about Kiran Mazumdar Shaw, the founder of Biocon. The other category of information is about women who have inherited their family run business or parts of it. What is really lacking is stories of first generation women entrepreneurs, or even those who broke out of the mould of their fathers' businesses and did something on their own.

I did come across an interesting story though. This article is an interview of Vrinda Rajgarhia, who runs a confectionary shop in Lokhandwala, Andheri. I used to stay in that area once, so I have actually seen the shop, but never checked out the sweets and candies on display. Having always seen a constant stream of people in the store, it looks like she's doing quite well indeed.

The points to note about her enterprise are:1. Although she comes from a business family, the venture is one which has little or nothing to do with that line of business. As she says "I think that's what most Marwari women do. They just take over the family business. I think doing my own things give me a lot of satisfaction than just joining the existing family business..."2. This is not her first business. She tried one earlier, which was a hosiery manufacturing setup. This probably indicates that her family wasn't averse to her starting another venture, just because the first one failed.3. The idea for the confectionary store didn't just crop up. She'd been thinking about it for a while, but the tax structures prevented it from being a viable enterprise. As soon as the taxes/duties on the goods reduced, she was able to commence operations.4. The enterprise is still not in a "traditional" business domain. In the sense, it reflects one of the issues highlighted in this ILO report on Women Entreprenurs - "Women have a proportionately greater presence in the informal economy and in microenterprises; and they are less represented in formal, registered SMEs."

While this story is a successful one, the fact of the matter is of course that in a strongly patriarchal society like India, masculine hegemonies make it extremely difficult for women to start and succeed at their own ventures. Here are some of the issues I have either read about or seen women face:

1. Lack of family support. Most entrepreneurs would tell you that a significant factor in their success has been the support of their families. And this is not usually financial support, but rather emotional support. Just the fact that they understand that the entrepreneur needs to do what she's trying to do. To not constantly question or nag her. To not make her feel guilty about "neglecting" her family/domestic responsibilities. This happens across all social strata, even with upper middle-class households where the woman's primary responsibility is still overseeing the running of her household. Even if there are maids to do most of the work, a woman is still made to feel as if that's what should be top priority for her. Fact of the matter is that entrepreneurship is one of the most fundamentally independent things a person can attempt. And any hint of independence from a woman strikes at the basis of the hegemony.

2. Lack of capital. Whereas for women from upper middle class households, finance might still be easier to obtain, for those in the lower strata, there is a strong need for loans to be available either from traditional sources such as banks or financial institutions, or from community-based funds. According to this report, women find it easier to access funds from a community-run institution, as this also helps them network and get easier access to market. The fact that most decision makers within the loan departments within traditional institutions are men, doesn't help much either.

3. Lack of confidence and faith. The sheer lack of role models undermines the confidence women have in their own abilities to successfully run independent enterprises. It is important that the role models be local and closer-to-home rather than those from socially and geographically different backgrounds. Nothing inspires more than an attitude of "Hey, she did it, so can I!". The lack of media coverage of successful first generation women entrepreneurs only makes the situation worse. This lack of confidence also results in a lesser ability to aggressively reach out to the market. The entire act of "selling" is seen as something that women simply ought to refrain from.

4. Lack of the right public/private institutions. Although, government policies do exist to make it easier for women small business owners to find funding and markets, these are most often misused by men who use it with their wives fronting through the entire process. Most of the people running these schemes are also well-aware of this potential for misuse and often take the extremely patriarchal view that loans will not be disbursed to a woman unless she is accompanied by her husband or father. Also, government policies cannot be designed at a national level, or inspired by those in existing in other countries. Policies need to be customised to be gender-, location-, and culture-sensitive.

Tuesday, June 20, 2006

Here's how you know you're addicted to the impossible dream of making money through Google Adsense:

1. You check your Google Adsense reports everyday. Sometimes more than once a day. And every time you check, your revenue has increased by the grand sum of 10 cents!

2. You scour the Internet looking for good info on making money from Adsense. You wonder how bloggers like this guy, manage to bring in the dough. You almost contemplate buying that $100 book on building Adsense revenues. But thankfully, better sense prevails. Or you find a cheaper one here. By the way, doesn't the cover look very much like a ripoff of that for Dan Brown's Da Vinci Code?

3. You keep tweaking your Adsense ads and their positions in your template hoping that you suddenly hit a goldmine. By now, you almost remember the Javascript code that accompanies the different layouts.

4. You get depressed when an A-list blogger friend of yours mentions getting thousands of hits per day on her blog, but peanuts in revenues, and then she decides to take the ads off her website!

5. You have read each help file on the Adsense home page, and all the case studies too, and in theory at least can spout as much advise as your blogger aunt. Except that she's actually making more money than you.

Ken Dyck maintains a pretty cool blog, which simply links to the most interesting entrepreneurship-related blog postings he finds over the Internet. Wonderful, because it saves me the trouble of scouring the Internet looking for good articles. Blogroll/bookmark him, if you haven't already done so.

The thing is a lot of blogs on entrepreneurship are run by people who have had no experience with actually running an enterprise. Ken makes no such pretences. And that is refreshing.

I really liked this link about CEO's who are introverts, because as this anonymous blog shows, I prefer to work from behind the shadows and get the work done rather than worry whether the press is reporting our accomplishments or not.

Incidentally, I am back to blogging with a vengeance (three posts today). My book draft is with the publishers and the project I am working on worked out quite well today morning. We rolled out the first firewall implementation at 2:00am in the morning. And even though I've had only 3 hours of sleep in the past 36 hours, I am very kicked that our process worked without a hitch. Will post in more detail about this project shortly.

Saturday, June 17, 2006

Some clarifications - I am not an anarchist (not yet anyway), and not even a pro-laissez faire libertarian. But sometimes, the government just screws your entire day. This is how.

I thought we had all our tax liabilities figured out (Income tax, Service Tax, VAT, Professional Tax, Tax Deducted at Source, etc.), when in walks a lady "inspector" from the "Maharashtra Labour Welfare Board", and asks us how many employees we have. Based on this information, she shows us the Mumbai Labour Welfare Fund Act, 1953 according to which we are supposed to pay them on a per employee per month basis every 6 months! Argh!

Apparently, here are the rules:If a company has more than five employees then that company is liable to pay for Labour Welfare fund twice in a year (i.e in June & December).

The rate slabs are as follows:Salary below Rs. 3000/- (employee's contribution is Rs. 6/- & employer's contribution is Rs. 18/- for six month)Salary above Rs. 3000/- (employee's contribution is Rs. 12/- & employer's contribution is Rs. 36/- for six month)A bit of Googling shows http://www.on-lyne.info/legal6.htm, which gives slightly different rates than what the lady prescribed.

Based on her calculations, and with 16 employees she has given us a claim letter which says that we have to now pay Rs. 3,360/- in first week of July. Well, agreed, it's a piddling little amount, but it's just an irritating impediment to getting on with work.

I mean, if you look at all the taxes we end up paying, let's say we get paid Rs. 100, here is how the cookie crumbles:

Rs. 5.25 is deducted by the client as Tax Deducted at Source (TDS)

Rs. 12.24 goes as Service Tax and educational cess

Rs. 15.75 from the gross profit on the Rs. 100 goes as income tax - paid every quarter for that quarter. This is calculated as follows. We assume a gross profit of 45% on the total receipts for that quarter, and apply a tax rate of 35% on that. Which comes to 35% on Rs. 45 for the Rs. 100 earned.

Rs. 200 per employee per month goes as Professional Tax. Amortize that over our earnings

For every employee, their tax component is to be paid for by the company, or we are liable for penalties

It's not that we don't pay our taxes on time or evade them. It is also not the case that starting one's own business in India is difficult - we were up and running relatively quickly. But just when you think you've got it all figured out, in traipses an inspector and squeezes a few more thousands out of you. Sheesh!

Thursday, June 15, 2006

Here's some interesting news from around the country about Indian entrepreneurs:

The Mumbai underworld chooses soft targets: The financial year ended March 2006, and everyone's filed their income tax returns. At least the advance tax. A CNN-IBN report says, someone in the IT department leaked out information about the high-flyers, and they're now getting extortion calls from the Mumbai underworld. Thankfully, I am out of the country and don't take my cellphone on international roaming. Given their cut-off criteria, someone like me would probably be on that special list.

Interview with Jasjit Sawhney, founder of Net4India: Interesting interview with Sawhney, where he talks about his varied background in law and forex, before coming to India to launch one of the most successful ISP's we have. Note their venture into the PCO business, which is pretty low-tech, but must've appealed. Adds to my constant refrain that entepreneurs need not always look at high-tech stuff. Some of the best ventures are those that fill a niche, regardless of the technology. They're also strongly venturing out into the Middle East and South East Asia. Looks like a good time to approach them for potential partnership talks!

Ah, the dream looks like it might be coming true: As I have often evangelized earlier, the true rise of the Indian economy (India Shining and all that) depends greatly on the number of new enterprises that start and grow. This article talks about a significant increase in the number of new entrepreneurs, primarily in the "advanced" states of Maharashtra, Tamil Nadu, West Bengal, Uttar Pradesh, and Andhra Pradesh. I think West Bengal is a state that will far exceed expectations in this regard. The commies aren't sitting quitely. What is even more interesting is that the growth of entrepreneurs in rural areas has outstripped that in the urban areas. Looks like this time the Green Revolution will refer to the color of Rs. 500 notes!

Sunday, June 11, 2006

I am quite likely to take a hiatus from blogging till the 15th. The following work is piled up (and all my pride about my multi-tasking skills is faltering):

Writing and testing some scripts and developing a tool for a firewall analysis project we're currently doing - Perl, SSH and Visual Studio. We're already a tad bit behind schedule on this one.

Writing a book on a really cool security tool - actually I am just one of three other authors, but it should be nice to have a published book. It requires Linux, which requires VMWare, which hogs up half my RAM, and makes my work really slow!

Regular email correspondence - with Mumbai office, partners, and other assorted communication. I also managed to delete a couple of hundred emails accidentally, when trying out the mail2web service! ARGH!

Gmail is constantly on with its built-in chat functionality, which I use to keep in touch with people back at the office

Our accountant just got a very tempting offer from a larger firm, so preparing a counter-offer to make him stay on. I hope he does!

Managing an ISO 27001 compliance project directly, and a couple of other projects remotely

Have to fly out of here next week to wrap up one of our biggest compliance projects, and somehow extricate myself from the current firewall project (see #1). This is going to be one helluva challenge.

We posted for an opening on Monster.com for a VP of operations for our Mumbai office. (I need to take a vacation soon!). Have received over 250 responses in 4 days, and I now need to trudge through that deluge to find out who would fit the bill. Shall post on this more, as things progress.

Things got slightly more complicated due to a trip I had to make to Delhi to discuss a possible partnership with IBM. The deadline for the book is the 15th of June, so it is likely that I will be ale to post again only after that.

Sunday, June 04, 2006

Well, here's a really nice blog on entrepreneurship from Andrew Fife, who also happens to be co-founder of an information security software firm Cryptine Networks. Since I happen to run an information security consulting firm as well, I thought I'd cross link to some of the really nice articles on that blog.

I've always debated the point of getting very personal on this blog, but then that's what blogging is about, right? So here are the books I am currently reading, the one's I just finished reading, and the one's on my reading list:

Current list:1. On Equilibrium - an absolutely brilliant book by John Ralston Saul on the six qualities of the new humanism - common sense, ethics, imagination, intuition, memory and reason. Liberating to think that there's so much more to humanity than the godhead of Reason.2. The Wealth of Man - just started on this one. It's breathtaking in it's sweep of the human endeavor from the start of agrarian economies to the modern day knowledge economy.3. Shakespeare's Tempest - a friend very strongly recommended it, and I happened to find a copy of it online here. Reached Act II, Scene I.

Just finished:1. Iacocca - yup, I'm probably the last adult on the planet to read this book, but I just got my hands on it, and lapped it up in a few days. Excellent stuff. The unceremonious exit from Ford, and the amazing comeback with Chrysler2. The Jeeves Omnibus: P. G. Wodehouse is an eternal favorite. The adventures of Bertram Wooster, and the life-saving help from the ever trustworthy Jeeves is always a pleasant break from work.3. Globalization and it's Discontents, Joseph Stiglitz - a scathing critique of globalization in it's current form, and the hidden agenda of the IMF from the man who was the Chief Economist and senior vice president at the World Bank. I regret that he does not mention India, which is now one of the main focus areas of the globalization forces.

Saturday, June 03, 2006

Here are two diametrically oppositive views of customer service. During one of my previous trips to the Middle East (Bahrain), I happened to be with a colleague who is equally adventurous about exploring new eating joints as I am. Even when we can't read the menu or pronounce what we want to order. During one of our jaunts we walked into a Turkish restaurant, and essentially pointed to what we wanted to order. They had an oven with freshly baked bread, and pies and other stuff. The food was so good that we didn't notice the really lousy customer service. And when I say lousy, I mean it was really bad. Not once did the waitress or any of the others so much as smile. In fact, all of them had a clear expression of not wanting to serve us, and disliking our presense there. And nothing racial about it at all. This is actually the way they were with everyone. It was as if they simply didn't want us there. But we're made of tougher hide, especially when the food is as good as it was. So we kept going back there 2-3 times during the week and their demeanor never ever changed - the waitresses, the cashier/owner, the baker, the cooks - they all had a really sullen expression on their face. But the place was doing amazingly well. There was tons of competition along that street, but it was simply the food, which was so good that nothing else mattered. So all those gurus of "customer delight" should do a rethink. If your product is god damn amazingly good, then you can probably scrimp on the customer service!

On the other hand, I had a screw come off on my spectacles and walked into what looked like a really nice spectacle shop - again here in the Middle-east (Riyadh). It's called "Magrabi Opticals", and they're a chain of really high-end eyecare shops all over the region. At first, I thought they'd charge me a bomb to replace the screw, but even though he didn't speak much English, and my Arabic sucks, the proprietor smiled, took the glasses, and told me to take a seat and they'd get it done in a jiffy. The place was impressive, it looked more like a jewelry store than an eyewear one. They had some really cool software to calculate the price and the lens quality and the whole nine yards. Their eye testing equipment was absolutely state of the art. I've always wanted to get powered sunglasses, and given their superb customer service, I ended up indulging in a 900 Riyal (USD 300) pair of Armanis. Sheesh! So here's the other perspective - if you're in a highly competitive market such as eyewear, then great service can induce really vain customers into spending hundreds of dollars, when they could've gotten out of there for free!